
IPSec VPN doesn't reconnect after daily DSL reconnect UTM 9.2

I'm running a UTM 120 software version 9.202-33. Our DSL is configured to restart every night at 6:00 a.m. to prevent disconnection by our provider. After that disconnection 7 out of 9 IPSec tunnels don't come up again.

We use a fixed IP address and I already triple checked the configuration.

It is not even possible to get the IPSec tunnels running by stopping and starting them manually in the WebAdmin. Only rebooting the machine helps.

The protocol fills with the following messages:
2014:06:30-07:34:53 gateway2 pluto[1361]: "S_REF_IpsSitVpn_0" #890: responding to Main Mode
2014:06:30-07:34:53 gateway2 pluto[1361]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #890
2014:06:30-07:34:53 gateway2 pluto[1361]: | next event EVENT_RETRANSMIT in 2 seconds for #882
2014:06:30-07:34:55 gateway2 pluto[1361]: | 
2014:06:30-07:34:58 gateway2 pluto[1361]: | *time to handle event
2014:06:30-07:34:58 gateway2 pluto[1361]: | event after this is EVENT_RETRANSMIT in 0 seconds
2014:06:30-07:34:58 gateway2 pluto[1361]: | handling event EVENT_RETRANSMIT for 80.87.174.11 "S_REF_IpsVpn_0" #870
2014:06:30-07:34:58 gateway2 pluto[1361]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #870
2014:06:30-07:34:58 gateway2 pluto[1361]: | next event EVENT_RETRANSMIT in 0 seconds for #869
2014:06:30-07:35:01 gateway2 pluto[1361]: | *received 488 bytes from 8.8.1.1:500 on ppp0
2014:06:30-07:35:01 gateway2 pluto[1361]: packet from 8.8.1.1:500: ignoring Vendor ID payload [FRAGMENTATION c0000000]
2014:06:30-07:35:01 gateway2 pluto[1361]: | preparse_isakmp_policy: peer requests PSK authentication
2014:06:30-07:35:01 gateway2 pluto[1361]: | creating state object #891 at 0x8b39048
2014:06:30-07:35:01 gateway2 pluto[1361]: | ICOOKIE:  79 59 49 91  69 46 29 35
2014:06:30-07:35:01 gateway2 pluto[1361]: | RCOOKIE:  27 c7 b4 24  b7 3f 8d d0
2014:06:30-07:35:01 gateway2 pluto[1361]: | peer:  50 57 ae 0b
2014:06:30-07:35:01 gateway2 pluto[1361]: | state hash entry 4
2014:06:30-07:35:01 gateway2 pluto[1361]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #891

Some suggestions where and how to check further?

Is there any way to restart the complete IPSec part of the UTM without restarting the UTM?


  • Wow - your first post in over seven years - welcome!

    First, please disable debug and show us about 50 lines related to one of these problem reconnections.  Did this work correctly before the Up2Date to 9.203, or is this a new installation?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA